Some time ago while tracking Winnti group activity we came across a standalone utility with the name HDD Rootkit for planting a bootkit on a computer. During our investigation we found several backdoors that the HDRoot bootkit used for infecting operating systems. Read Full Article
I am HDRoot! Part 1
Famous Chinese-speaking cybercriminal APT actor Winnti has been observed targeting pharmaceutical businesses. New threat, which Kaspersky Lab has called “HDRoot” after the original tool’s name “HDD Rootkit”, is a universal platform for a sustainable and persistent appearance in a targeted system, which can be used to launch any other tool. Read Full Article
Malicious Boot loaders
The sky is the limit for cybercriminal’s creativity. The latest wave are malicious boot loaders, the kit has been pioneered by Brazilian Trojan bankers who aim to remove security software. Read Full Article
The Chinese bootkit
We recently discovered a new bootkit, i.e. a malicious program which infects the hard drive’s boot sector. Kaspersky Lab detects it as Rookit.Win32.Fisp.a. Read Full Article
TDSS
The TDSS rootkit first appeared in 2008. Since then, it has become far more widespread than the notorious rootkit Rustock. The rootkit’s malicious payload and the difficulties it presents for analysis are effectively similar to those of the bootkit. Read Full Article